Safe, secure & reliable. We’ve invested heavily to ensure your data is safe and available. As developers ourselves, we put security as one of our top priorities when designing applications. We follow all the industry standards.


CodeFlow never collects or stores passwords for external applications like Gitlab, Bitbucket, or others.

All the third party integrations at CodeFlow are done via mechanisms such as API tokens and OAuth.

Project Cloning

Projects are cloned into temporary disk locations, using custom container per project. The code only remains in the container while we are running analyses and is erased once they're finished.

We terminate all containers used for code analysis, effectively removing all projects and settings from the machine on a daily basis. Allowing us to never have the same machine running for more than a few hours.

Server Information

All servers are hosted on Amazon Lambda within the region of Europe. These serverless containers are erased and rebuilt several times a day. Everything is encrypted on our containers, including third-party tokens (such as GitLab and Bitbucket), as is code itself.

The database stores only the code fragments we need in order to show you results in a reasonable amount of time.

Read more about Amazon’s Security Policy:

Internal employee policies

None of our team members can clone or see your code in its entirety. For debugging purposes, we use the platform to see dashboard and issues breakdown, but never your code. You feeling safe about your code is of crucial importance to us.